Adds a feature whitelist at planbuild stage (pingcap#304)

* init Signed-off-by: David <[email protected]> * format errors Signed-off-by: David <[email protected]> * restrict information schema Signed-off-by: David <[email protected]> * fmt Signed-off-by: David <[email protected]> * bazel Signed-off-by: David <[email protected]> * fmt Signed-off-by: David <[email protected]> * disable datadir Signed-off-by: David <[email protected]> * add ttl check for create and alter table Signed-off-by: David <[email protected]> * create table ttl Signed-off-by: David <[email protected]> * address comments Signed-off-by: David <[email protected]> * update error doc Signed-off-by: David <[email protected]> * add the back to the error message Signed-off-by: David <[email protected]> * unblock 'SHOW CONFIG' for lightning Signed-off-by: David <[email protected]> --------- Signed-off-by: David <[email protected]> Co-authored-by: zzm <[email protected]>
CabinfeverB · Mar 13, 2023 · ba65916 · ba65916
1 parent d05a1e2
commit ba65916
Show file tree

Hide file tree

Showing 11 changed files with 394 additions and 9 deletions.
diff --git a/ddl/BUILD.bazel b/ddl/BUILD.bazel
@@ -120,6 +120,7 @@ go_library(
         "//util/ranger",
         "//util/resourcegrouptag",
         "//util/rowDecoder",
+        "//util/serverless",
         "//util/set",
         "//util/slice",
         "//util/sqlexec",

diff --git a/ddl/ttl.go b/ddl/ttl.go
@@ -30,6 +30,7 @@ import (
 	"github.com/pingcap/tidb/sessiontxn"
 	"github.com/pingcap/tidb/types"
 	"github.com/pingcap/tidb/util/dbterror"
+	"github.com/pingcap/tidb/util/serverless"
 )
 
 func onTTLInfoRemove(d *ddlCtx, t *meta.Meta, job *model.Job) (ver int64, err error) {
@@ -97,6 +98,10 @@ func onTTLInfoChange(d *ddlCtx, t *meta.Meta, job *model.Job) (ver int64, err er
 }
 
 func checkTTLInfoValid(ctx sessionctx.Context, schema model.CIStr, tblInfo *model.TableInfo) error {
+	if err := serverless.VerifyTTLInfo(schema, tblInfo); err != nil {
+		return err
+	}
+
 	if err := checkTTLIntervalExpr(ctx, tblInfo.TTLInfo); err != nil {
 		return err
 	}

diff --git a/errno/errcode.go b/errno/errcode.go
@@ -1112,4 +1112,7 @@ const (
 	ErrTiKVMaxTimestampNotSynced = 9011
 	ErrTiFlashServerTimeout      = 9012
 	ErrTiFlashServerBusy         = 9013
+
+	// Serverless tier errors.
+	ErrNotSupportedOnServerless = 20001
 )
diff --git a/errno/errname.go b/errno/errname.go
@@ -1119,4 +1119,7 @@ var MySQLErrName = map[uint16]*mysql.ErrMessage{
 	ErrPrometheusAddrIsNotSet:    mysql.Message("Prometheus address is not set in PD and etcd", nil),
 	ErrTiKVStaleCommand:          mysql.Message("TiKV server reports stale command", nil),
 	ErrTiKVMaxTimestampNotSynced: mysql.Message("TiKV max timestamp is not synced", nil),
+
+	// Serverless Tier errors.
+	ErrNotSupportedOnServerless: mysql.Message("'%s' is not supported on the Serverless Tier.", nil),
 }
diff --git a/errors.toml b/errors.toml
@@ -1071,6 +1071,11 @@ error = '''
 %s is not supported. Reason: %s. Try %s.
 '''
 
+["ddl:20001"]
+error = '''
+'%s' is not supported on the Serverless Tier.
+'''
+
 ["ddl:3102"]
 error = '''
 Expression of generated column '%s' contains a disallowed function.

diff --git a/planner/core/BUILD.bazel b/planner/core/BUILD.bazel
@@ -137,6 +137,7 @@ go_library(
         "//util/ranger",
         "//util/rowcodec",
         "//util/sem",
+        "//util/serverless",
         "//util/set",
         "//util/size",
         "//util/sqlexec",

diff --git a/planner/core/planbuilder.go b/planner/core/planbuilder.go
@@ -63,6 +63,7 @@ import (
 	utilparser "github.com/pingcap/tidb/util/parser"
 	"github.com/pingcap/tidb/util/ranger"
 	"github.com/pingcap/tidb/util/sem"
+	"github.com/pingcap/tidb/util/serverless"
 	"github.com/pingcap/tidb/util/set"
 	"github.com/pingcap/tidb/util/sqlexec"
 	"github.com/pingcap/tidb/util/stmtsummary"
@@ -777,6 +778,10 @@ func (b *PlanBuilder) ResetForReuse() *PlanBuilder {
 // Build builds the ast node to a Plan.
 func (b *PlanBuilder) Build(ctx context.Context, node ast.Node) (Plan, error) {
 	b.optFlag |= flagPrunColumns
+
+	if err := serverless.VerifyStatement(node); err != nil {
+		return nil, err
+	}
 	switch x := node.(type) {
 	case *ast.AdminStmt:
 		return b.buildAdmin(ctx, x)

diff --git a/util/dbterror/ddl_terror.go b/util/dbterror/ddl_terror.go
@@ -436,4 +436,7 @@ var (
 
 	// ErrNotSupportedYet returns when tidb does not support this feature.
 	ErrNotSupportedYet = ClassDDL.NewStd(mysql.ErrNotSupportedYet)
+
+	// ErrNotSupportedOnServerless returns when user requested a serverless unsupported feature.
+	ErrNotSupportedOnServerless = ClassDDL.NewStd(mysql.ErrNotSupportedOnServerless)
 )
diff --git a/util/sem/sem.go b/util/sem/sem.go
@@ -63,14 +63,21 @@ const (
 	restrictedPriv        = "RESTRICTED_"
 	tidbAuditRetractLog   = "tidb_audit_redact_log" // sysvar installed by a plugin
 
-	placementAdmin = "PLACEMENT_ADMIN"
+	placementAdmin     = "PLACEMENT_ADMIN"
+	backupAdmin        = "BACKUP_ADMIN"
+	restoreAdmin       = "RESTORE_ADMIN"
+	resourceGroupAdmin = "RESOURCE_GROUP_ADMIN"
 
 	// Additional tables for serverless tier.
-	clusterInfo      = "cluster_info"
-	tikvRegionStatus = "tikv_region_status"
-	tikvStoreStatus  = "tikv_store_status"
-	tiflashSegments  = "tiflash_segments"
-	tiflashTables    = "tiflash_tables"
+	clusterInfo           = "cluster_info"
+	tikvRegionStatus      = "tikv_region_status"
+	tikvStoreStatus       = "tikv_store_status"
+	tiflashSegments       = "tiflash_segments"
+	tiflashTables         = "tiflash_tables"
+	resourceGroups        = "resource_groups"
+	tidbHotRegionsHistory = "tidb_hot_regions_history"
+	tidbServersInfo       = "tidb_servers_info"
+
 	// Serverless tier slow query related tables.
 	slowQuery                       = "slow_query"
 	clusterSlowQuery                = "cluster_slow_query"
@@ -132,7 +139,8 @@ func IsInvisibleTable(dbLowerName, tblLowerName string) bool {
 			inspectionRules, inspectionSummary, metricsSummary, metricsSummaryByLabel, metricsTables, tidbHotRegions,
 			clusterInfo, tikvRegionStatus, tikvStoreStatus, tiflashSegments, tiflashTables, clusterSlowQuery,
 			slowQuery, statementsSummary, statementsSummaryEvicted, statementsSummaryHistory, clusterStatementsSummary,
-			clusterStatementsSummaryEvicted, clusterStatementsSummaryHistory:
+			clusterStatementsSummaryEvicted, clusterStatementsSummaryHistory, resourceGroups, tidbHotRegionsHistory,
+			tidbServersInfo:
 			return true
 		}
 	case performanceSchema:
@@ -191,7 +199,8 @@ func IsInvisibleSysVar(varNameInLower string) bool {
 		variable.TiDBStmtSummaryFileMaxBackups,
 		variable.TiDBStmtSummaryFilename,
 		tidbAuditRetractLog,
-		variable.TiDBEnableAsyncCommit:
+		variable.TiDBEnableAsyncCommit,
+		variable.DataDir:
 		return true
 	}
 	return false
@@ -200,7 +209,12 @@ func IsInvisibleSysVar(varNameInLower string) bool {
 // IsRestrictedPrivilege returns true if the privilege shuld not be satisfied by SUPER
 // As most dynamic privileges are.
 func IsRestrictedPrivilege(privNameInUpper string) bool {
-	if privNameInUpper == placementAdmin {
+	switch privNameInUpper {
+	case
+		placementAdmin,
+		backupAdmin,
+		restoreAdmin,
+		resourceGroupAdmin:
 		return true
 	}
 	if len(privNameInUpper) < 12 {

diff --git a/util/serverless/BUILD.bazel b/util/serverless/BUILD.bazel
@@ -0,0 +1,13 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "serverless",
+    srcs = ["feature_control.go"],
+    importpath = "github.com/pingcap/tidb/util/serverless",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//parser/ast",
+        "//parser/model",
+        "//util/dbterror",
+    ],
+)